General

  • Target

    2b576ef794d567abd0bc1bade2aeee658b279c44fa9faafe05f959612bb7dd05

  • Size

    695KB

  • Sample

    241113-zm2mqsyhnq

  • MD5

    8baffb2489069b083dab9ae9a8553318

  • SHA1

    98ab14ef96f3cbda8c19b0f4bfc918f75e235a76

  • SHA256

    2b576ef794d567abd0bc1bade2aeee658b279c44fa9faafe05f959612bb7dd05

  • SHA512

    fce01c9cecf4e6cebebee581dd4be7546cf49b34b905b5843001688d4b383a18c2f509bb0e10f4dec29247c67778de8fc396cac5cc6d21492d31b180bb49b40b

  • SSDEEP

    12288:ny90t7V3B9m0jqDGut2uP28QSZRhuuHC0iDye7nOc4bDg:nyc7VRo0jyGutfxjvrle7nOTfg

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks